Datadog Resets Passwords Following Unauthorized Server Activity

SaaS-based monitoring and analytics platform Datadog has reset all stored passwords following unauthorized activity on some infrastructure servers.

Chief Security Officer Andrew Becherer opened up to users about the incident over the weekend:

“Last night we sent email notifications regarding a security incident that took place within our server infrastructure on 2016-07-08. While our team is working on the technical and forensics aspects of the incident response, we want to be fully transparent with you regarding our current status and help you protect your own infrastructure.”

The Datadog security team detected unauthorized activity associated with several production infrastructure servers, including a database that stores user credentials.

A user also reported that someone unsuccessfully attempted to leverage the AWS credentials they had shared with Datadog.

The incident did not affect the platform’s service. As of this writing, Datadog has rebuilt all compromised systems and infrastructure and mitigated all vulnerabilities. It also determined that any agents running on users’ servers were not affected.

The cloud monitoring solutions provider stores all passwords using bcrypt, a strong cryptographic algorithm that takes time and resources to break. But to be on the safe side, Datadog sent out a security notice to all admin users urging them to rotate or revoke stored credentials, and it invalidated all stored passwords (Google Auth and SAML users aren’t affected).
